ROM Hack [REAL!] Play all tracks in MKDS online!

raypou · Dec 12, 2005

Guess no one else has cared to post this yet, but over at GSCentral, Parasyte has found how to select any track for MKDS online mode

description of how he did it: http://gscentral.org/bb/viewtopic.php?p=9944#9944

When I have time, I'm going to look into doing this for myself...

Squiffy · Dec 12, 2005

Nice, I like the part about playing different tracks to your opponents.
I'm guessing all your opponents have to have the hack for this to work properly.

raypou · Dec 12, 2005

actually, i believe that is not the case, as all the carts already have the tracks on them, its more a matter of in the track selection, you pick one that isn't in the list, and if it randomly chooses that one, all the carts know to. That's at least what I gather from what i've read...

Squiffy · Dec 12, 2005

Nope, don't think so:

QUOTE said:
...Instead, the other racers were placed on the track chosen globally for them, meanwhile my NDS had locally chosen whatever track I wanted. This lead to a fascinating discovery; I was able to race around on my track, while everyone else raced on theirs. We were all in the same 'virtual space' but on different tracks. (You could see them passing by, flying through the air going in some random direction, for example.) However, laps still progressed as normal. Learning this, I decided to locally load Baby Park and select some long track (Rainbow Road, etc) for the others to run on. And in under a minute, I would win the match...

754boy · Dec 12, 2005

Read that....looks like we're gonna get a surge of wi-fi hackers who are gonna do this to pad their stats. If u racing on a track alone and at the same time ur opponents are on a totally seperate track, you automatically win on the track you selected and one of them wins on the other track.

Next thing we'll probably see is an aimbot for the all the items (not including the red shells and blue shell of course).....imagina a banana peel landing directly on top an opponent everytime.... lol

memyselfandi · Dec 12, 2005

cool, but i cant do it myself...

raypou · Dec 12, 2005

That quote is from the beginning of the discovery process, not when he actually just changed the track selection in the screen. There, he changed the whole track he was racing on, while the others loaded the chosen track. the other way, if he picks it in the list and it is randomly chosen, everyone loads the same track. He was playing the past few days hosting tracks for people with unmodified games, and it was working...

Eruonen · Dec 13, 2005

In the tournement this is conciderd as cheating right?

IxthusTiger · Dec 15, 2005

Code:

 Â .section Â ".init" 
Â .global Â Â _start 
Â Â
Â @.align 
Â @.arm 
Â .code Â 32 
Â Â
@--------------------------------------------------------------------------------- 
_start: 
@--------------------------------------------------------------------------------- 
Â b Â rom_header_end 

Â .fill Â 156,1,0 Â Â Â Â Â Â Â Â Â@ Nintendo Logo Character Data (8000004h) 
Â .fill Â 16,1,0 Â Â Â Â Â Â Â Â Â@ Game Title 
Â .byte Â 0x30,0x31 Â Â Â Â Â Â Â @ Maker Code (80000B0h) 
Â .byte Â 0x96 Â Â Â Â Â Â Â Â Â@ Fixed Value (80000B2h) 
Â .byte Â 0x00 Â Â Â Â Â Â Â Â Â@ Main Unit Code (80000B3h) 
Â .byte Â 0x00 Â Â Â Â Â Â Â Â Â@ Device Type (80000B4h) 
Â .fill Â 7,1,0 Â Â Â Â Â Â Â Â Â@ unused 
Â .byte Â 0x00 Â Â Â Â Â Â Â Â Â@ Software Version No (80000BCh) 
Â .byte Â 0xf0 Â Â Â Â Â Â Â Â Â@ Complement Check (80000BDh) 
Â .byte Â 0x00,0x00 Â Â Â Â Â Â Â Â Â @ Checksum (80000BEh) 

@--------------------------------------------------------------------------------- 
rom_header_end: 
@--------------------------------------------------------------------------------- 




#define ARM9_ENTRY_ORIGINAL Â Â Â Â Â Â0x02000800 
#define Â ARM7_ENTRY_ORIGINAL Â Â Â Â Â Â0x02380000 

@ Â bl Â DisableInterrupts 
Â Â
Â Â
Â @ Boot ARM9 with: *(volatile unsigned int *)0x027FFE24 = 0x02004000; 
Â ldr Â r2, =ARM9_ENTRY_ORIGINAL 
Â ldr Â r4, =ARM7_ENTRY_ORIGINAL 
Â ldr Â r3, =0x027FFE24 
Â str Â r2, [r3] Â Â Â Â @ redirect ARM9 
Â Â
Â ldr Â r0, =0x400000 
delayLoop: 
Â nop 
Â subs Â r0, r0, #1 
Â bgt Â delayLoop 
Â Â
Â Â
Â @ New Courses on WFC 
Â ldr Â r0, =0x02153A4C 
Â adr Â r1, CourseList 
Â mov Â r2, #12 
listLoop: 
Â ldrb Â r3, [r1],#1 
Â str Â r3, [r0],#4 
Â subs Â r2, r2, #1 
Â bgt Â listLoop 
Â Â
Â Â
Â Â Âmov Â pc, r4 Â Â Â Â @ redirect ARM7 
Â Â
infin: 
Â b Â infin 
Â Â
Â Â.pool 
Â
CourseList: 
Â .byte 0x0C, 0x0F, 0x11, 0x13, 0x17, 0x18, 0x1A, 0x20, 0x21, 0x23, 0x25, 0x26 
Â .align 2 Â Â
Â Â


////////////////////////////////////////////////////////////////////////////// 
// DisableInterrupts 
////////////////////////////////////////////////////////////////////////////// 

DisableInterrupts: 
Â // disable IRQ/FIQ interrupts 
Â mrs Â Â Âr0, CPSR 
Â orr Â Â Âr0, r0, #0xC0 
Â msr Â Â ÂCPSR_fsxc, r0 
Â mov Â Â Âpc, lr 



Â .align 
Â .pool 
Â .end

Based on this code, what bytes of the ROM should I patch?

For people with a PassMe, www natrium42 com/downloads/mktest.ds.gba
Run that from a flashcart with MK in the PassMe and you can pick the non-wifi tracks.

Renegade_R · Dec 15, 2005

Great...now this is gonna lead to a surge of online cheaters which will also lead to more Online ROM protection on Nintendo WFC. When hackers begin to take advantage of the online experience, it will hurt Nintendo financially as people no longer want to play online. And because of that, Nintendo will then improve the protection on ROMs.

It may be a breaking discovery for many.

To me its a very very sad day.

cruddybuddy · Dec 15, 2005

Agreed. This is very bad news.

Heran Bago · Dec 15, 2005

I would guess this part...

QUOTE said:
CourseList:
Â .byte 0x0C, 0x0F, 0x11, 0x13, 0x17, 0x18, 0x1A, 0x20, 0x21, 0x23, 0x25, 0x26
Â .align 2Â Â

But thosre are the courses Parasyte specifically said do not work. Hmm.

How would I dissasemble the ARM9 executable? Is there a program or easy way?

Hitto · Dec 15, 2005

Don't fret over this. You won't meet that many hackers, and sooner or later, big N will silence them.

Heran Bago · Dec 15, 2005

This doesn't make sense though. The guy claims the table is at $02153A4C in the ROM, but the ROM ends at $02000000. I can't find a tool to decompress the ARM9 executable either.

raypou · Dec 15, 2005

that's the same problem I had, I don't think there is yet a program to decompress the arm9. Also, I believe that address could be a virtual address, modified in RAM, but I can't confirm that yet, just a suspicion.

I don't think online cheaters will be much of an issue, but I could be dead wrong. At least parasyte won't himself release any tools for this.

IxthusTiger · Dec 15, 2005

I'm not too worried about cheaters. Parasyte said he won't release anything that will allow cheating, and natrium (who wrote the code above) is also an upstanding sort. The way people would cheat is by setting a short course for themselves while eveyone else races a long course. Hopefully this is what is kept under wraps. Even so, cheaters can be combatted by dropping out. Not by turning off your DS, but by disrupting your wifi connection, for example unplugging your dongle.

I just wanna race on the non-wifi courses

It doesn't put anyone at an advantage or disadvantage, it's just cool.

Heran Bago · Dec 16, 2005

Memory Map

Yea, He's probably reffering to a location in the RAM. But you need to either be able to dissasemble ARM9, or make a ROM loader to proform this, or any similar hack.

raypou · Dec 16, 2005

whoa, this definately works, just played with 2 other guys on shroom ridge with all the cars and such, no lag at all, about to play a few more gamew with friends

shaunj66 · Dec 18, 2005

** USE THIS COMPLETELY AT YOUR OWN RISK - I/WE WILL NOT TAKE ANY RESPONSIBILITY FOR DAMAGES OR ISSUES CAUSED BY USING IT! **

It's been released!!!

I'll post info for everyones information:

A compiled version has been released, I've tested it; and it works a charm!

Just finished playing Airship Fortress and Shroom Ridge with Luse.

Wasn't buggy at all, except one red shell seemed to disapear as soon as I fired it. The rest was flawless.

Equipment you need:

Mario Kart DS (legit cart)
Any kind of PassMe (FlashMe and WiFiMe DO NOT WORK)
A GBA flash cart capable of .nds.gba files.

** USE THIS COMPLETELY AT YOUR OWN RISK - I/WE WILL NOT TAKE ANY RESPONSIBILITY FOR DAMAGES OR ISSUES CAUSED BY USING IT! **

Download this small .nds.gba file: http://gbatemp.net/shaunj66/mktest.ds.zip
And flash it to your GBA cart in GBA mode. (No NDS loaders required!).

Insert a copy of MK

S into your PassMe device, and insert both the PassMe and the GBA flash cart in your DS.

Boot your DS and wait for the PassMe to load from the flash cart. You'll see two white screens that will last for 2-3 seconds, then it will boot just like normal into MK

S. Now in WFC mode, you'll be able to select from any course!

** USE THIS COMPLETELY AT YOUR OWN RISK - I/WE WILL NOT TAKE ANY RESPONSIBILITY FOR DAMAGES OR ISSUES CAUSED BY USING IT! **

Luse · Dec 18, 2005

It's brillant, and while we only got to play two of the tracks, it worked just as fine as any other, except for the one off glitch with the red shell shaun mentioned, everything else was fine.. All the bats/bullets and crazy stuff on Airship Fortress was there, and all the cars in Shroom Ridge were there...

Calling this fucking awesome is an understatement...

ROM Hack [REAL!] Play all tracks in MKDS online!

Well-Known Member

GBATemp's Little Embarrassment

Well-Known Member

GBATemp's Little Embarrassment

:D

Well-Known Member

Well-Known Member

Well-Known Member

Cruddy's Buddy

Well-Known Member

Group: Banned!

Where do puyo come from?

MKDS Tournament Winner

Where do puyo come from?

Well-Known Member

Cruddy's Buddy

Where do puyo come from?

Well-Known Member

GBAtemp Administrator

Now with more MOOSE!!!

Similar threads

Popular threads in this forum